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Attachment 
on Specific Points 
Executive Summary 


Para. 1.6--The wisdom of preserving the operation of informa- 
tion handling systems and maintenance of data bases on 

a decentralized basis, with the CISO undertaking centralized 
planning and recommending funding levels, is sound. As noted 
above, however, the planning function must be shared and 

we assume that the principal initiative for planning new 
systems will continue to rest with the line organizations 
who, by virtue of their close contact with the user, will 
best understand the deficiencies of extant systems and 


» the need for change. Perhaps this point could be clarified. 


Para. 1.8--Given the schedules imposed by the budget formula— 
tion process, it seems unrealistic to propose that the CISO 
organization, yet unborn, can get underway quickly enough 

to influence the FY-80 budget plan. Indeed, the CIHS Start- 
Up Schedule (Fig. 4.1) at the end of the report seems to 
suggest otherwise. 


Report 


Para. 1.7--Per your instructions, CIA included only those 
administrative files which could be of possible interest 
to the Intelligence Community. Our personnel, payroll, 
and financial files, in particular, were excluded from 
our submission. 


Para. 1.12--This discussion of shared data bases seems 
to suggest that only automated files accessible through 
remote on-line terminals are shared. Actually there 
are many additional files shared through telephonic 

or other means. long provided 
support 
throug e grey phone system. 

Vr subject index to Community 
intelligence reporting is used by many other agencies 
than CIA, even though only a subset of the file is 
available for interrogation on-line by other NFIB members. 


Para. 2.2--The undue emphasis often placed on automation 
vs. manual processes is wisely avoided here and elsewhere 
in the report and annexes. As indicated, there must be 
a careful evaluation of the trade-offs on a case-by-case 
basis. 
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© Para 2.3-—The meaning of the fourth sentence in this 
paragraph beginning with the words “This system (CIHS) 
must possess..." is obscure. In addition, it is said here 
that a CIHS must be developed whereas paragraph 1.8 of 
the Executive Summary recommends that the CISO should 
"undertake actions to evaluate the feasibility” (underlining 
added) of a CIHS. This contradiction should be eliminated. 


Oo Para. 3.7--An excellent point is made here about the 
need to approach data base sharing cautiously, with due 
regard for cost/benefit considerations, and the possible 
alternatives (e.g., mail systems) to remote querying via 
telecommunication networks. 


Oo Para. 3.8--Another commendable cautionary note is 
expressed about the expense of changing systems in 
behalf of other users and the assurances needed 
that the additional resources will be forthcoming 
before such commitments are undertaken. 


o Para. 3.14—The discussion included here of problems 
and possible cost implications of data element stan- 
dardization is well done and properly stressed. Among 
other things, reference is made to the possibility of 
using the computer to translate from one indexing 
standard to another. Again, this is a problem often 
subjected to oversimplified “solutions.” 


Oo Para. 3.17--While the issue of whether to automate 
an activity should certainly undergo rigorous analysis 
by, among others, the CISO, let no one underestimate 
the difficulty of this process or suggest that mere 
improved "managerial techniques" can readily overcome 
the associated problems. 


© Para. 3.21~-The implication of this paragraph appears 
to be that all ADP proposals will be reviewed by the 
CIsoO. If so, we submit that this organization would 
need a staff far in excess of the “High Intensity” 
level of the 15 proposed for its Information System 
Analysis Division. Presumably, such reviews will 
have to be limited to systems exceeding a certain 
anticipated funding level. 


O Para. 3.23--Some reference should be made in this 
section of the report to the on-going CIA Executive 
Advisory Group's review of ADP systems. The paragraph 
should not suggest that top management has given no 
attention to the costs of ADP systems and resource 
competition in this area. 
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Para. 3.25--This is a most commendable recital of 
principles to guide Community information handling, 
which we fully support. 


Annex A 

Para. 1.2--We would suggest an addition to the last 
sentence of this paragraph stressing that some of the 
listed systems are not as yet operational. Until one 
examines the follow-on tables in some detail, this fact 
does not become apparent. We are also at a loss to 
understand why some of the largest and most significant 
production support systems are not included in the 
tables, e.g., the 3.1 million record AEGIS file and 
CIRC, while much less important systems are. 


Table A-l--For the line entry starting with CIA/SAFRE: 
change 1) "CIA/SAFE" to "SAFE"; 

change 2) "CIA/Support" to "Support"; 

change 3) "CIA" to "DIA/CIA". 


Table A-J--Delete the line entry starting with DIA/SAFE. 


Tab 2-—The average age of Model 360/67 is listed as 1.2 years. 
The CIA 360/67 was installed in 1969. Recommend the 
average age figure be verified. 


Annex B 


General--This annex reviews some very practical aspects 
of the entire information handling issue. ‘The tables 
on pages B-6-8 are useful as well. Much of Annex B, 
however, is either redundant or adds little te the 
report. Listing the COINS files, for example, does 
not convey much to the reader because the files are 
not described. 


Para. 1.1—Reference should be made to other ways of 
sharing files than by electronic means. 


Para. 1.4--This important paragraph might have gone on 
to point out that because of the unique characteristics 
of the different Community data bases, it is virtually 
impossible to design a single information handling 
system, including software and hardware, which will 
suit more than a few application areas. This applies 
to the SAFE/ADISS system as well as to projects of 
lesser magnitude. 
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Para. 1.6--In addition to the excellent point made 
about providing the necessary resources to an 
organization charged with fulfilling some Community 
information handling responsibility, one might add 
that users of such a system also need the assurance 
that if they cease and desist storing the same data 
themselves, the activity will be continued more or 
less indefinitely. 


Table B-2-~Information Services Staff is incorrectly 
identified 


Para. 2.1]~—-Dissemination controls are indiscriminately 
mixed with security classifications in a sentence near 
the end of this paragraph. Beginning with the words 


- "SI Compartment," what follows should be descr ibed 


as some of the dissemination controls used in addition 
to security classifications. 


Para. 3.5--We object to the use of the word "today" 

at the beginning of the 4th sentence. ‘The information 
handling role of central reference services, at least 
in the CIA, has never been limited to the activities 
of the traditional Tibrary. 


Annex C 


General--This discussion of the CISO would be more 
useful if the CISO staffing estimate compared the 
current number of IHC staffers handling coordination 
efforts with at least the short-term personnel totals 
planned for the CISO. This could help in evaluation of 
the work cut out for the CISO in the first six months 
against what appears to be an underestimate of the 
manpower required to do the job. There is no 
identification in Annex C of the means by which 

the CISO manpower requirements have been estimated. 


Para. 1.4: Fifth line - change "carry out" to 
"coordinate". 


Para. 1.4: Ninth line ~ change "develop and use" to 
"establish requirements for, monitor the development 
of, and use", 


Page C-2: Footnote - delete ", as defined in Annex a". 
Figure C-2: Para. 2 under FUNCTIONS — change "To design 


and establish" to "To establish the requirements for 
and monitor the development of". 
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oO Figure C-4: It is not clear what the Contractor Support 
functions of the Community Planning Division are. It 
is believed they should be: 
Coordinate planning for Contractor Support. 
Coordinate contract monitoring and administration. 


o Figure C-8: Para 3 under FUNCTICNS - Change "develop" 
- to "coordinate". 


o Figure C-9: The CISO includes a Security and Privacy 
Standards Branch, which presumably would function as 
a focal point for Community computer security policy 
and standards. The DCI Security Committee currently 
has a subcommittee devoted to the development of 
computer security policy. While it might be profitable 
to transfer this function to the proposed CISO, a 
move in this direction should not be pursued 
summarily, without detailed Community coordination. 
Such review might suggest the need for a computer 
security focal point in the CISO in addition to the 
functions of the DCI Security Committee in this 
area. However, if Annex C is sent to Congress, we 
‘urge that all reference to a computer security 
function in the CISC be deleted along with the 
identification of the Security and Privacy Standards 
Branch. 


Annex D 

We strongly recommend this Annex be eliminated from 
the report. In terms of authority to act, the new 
Executive Order provides such authority until a 
DCID can be coordinated within the NFIB community. 
Annex E 

This annex is redundant and too detailed. Paragraph 


3.6 stresses user needs, an excellent point, but it 
could be removed and placed elsewhere. 
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IMPROVED CENTRAL OVERVIEW OF AUTOMATIC DATA PROCESSING IN CIA 


(Addendum to CIA submission for the 

‘Intelligence Community ADP Inventory 

for presentation to the Senate Select 
one ae Committee on IntelLigencey ated” Ay ave eee 
aa Pe a aO a ST ee ie ee 


(FOUO) While ADP initiative is decentralized within CIA, so that ADP may 
best be directed toward local needs and weighed carefully against ee 
methods to accomplish a component's assigned tasks, Agency manageme: 
has taken significant. ss this past year to SOE OVE central overvie 
of ADP expenditures. | 


£ 
(FOUO) In a memorandum ve the Executive Advisory: Group (FAG) in Decémber 
1976, the DDCY asked the Comptroller and the Director of Data Processing 
. to make joint recommendations with respect to two issues: 
- J. “What can be done to improve top management's ability 
to plan for future ADP resource requirements so that we may 
assure ourselves that the large ADP budget increases we are 
experiencing are in the overall interests of the Agency? 
How can the key ADP investment issues we face be brought 
forward for top management review so that we may establish 
guidance for the budget planning process?" 


2. “How can we monitor current month-by~month use of 
the central services provided by the Office of Data Processing 
(ODP) in such a way as to ensure visibility to top management 
of the many demands being levied on ODP by Agency components 
and permit Agency~level decisions to be made on priorities 


‘when contentions for limited ODP resources arise?" 


(FOUO) A joint paper was written by the Comptroller and the Director 
of Data Processing on the two issues. ‘The BAG agreed in April 1977 to 
the actions they recommended, which were these: } 


1. The EAG will establish a deliberate ADP badoet 
during the CIA program review, focusing broadly on the 
functional use of ADP and on major ADP investments— 
the key computer projects of Agency components that 
will spend over $250,000 on ADP during the program 
year, ODP-supported projects which are expected to cost 
over $250,000, CDP expansion plans, and important 
new projects identified by components. 
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2. During the operating year, the BAG will 
perform a thorough, systematic review of the cost 
effectiveness of all major projects which are CUE EonTy 
supported by OpP's: central services. 


(FOUO) The Comptroller and the Director of Data Processing developed 
procedures to carry out the spOve recommendations. The SE EOeENS events 
have since taken places 


. 7 "2. ° An Agency ADP ee was peepaves by the Comptroller” 

‘. and included (for the first time) within the proposed 1979 2 
Agency Program Plan. In June 1977, the EAG addressed the 
issues identified therein and agreed upon ADP funding levels, 


" -2. In December 1977, the EAG began reviewing individually 
the 21 major projects supported by ODP on behalf of Agency 
components, to evaluate these uses of ODP’s resources within 
_ its 1978 funding level. . The BAG was provided a Project Decision 
. Form for each project, containing a project description and 
statements of its objectives and Dene ETS st0 weigh against 
estimated resource requirements. 


(FOUO) Both of thease EAG actions have resulted in imcesaees control 
of ADP growth by top management. They have caused managers at every 
level to plan their use of ADP with improved focus on cost effectiveness. 
The effort represents high-level managerial attention to computer use 
which is, to our knowledge, unique in Government. 


u, 


we 
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